CVE-2024-56659

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74

Description A vulnerability in the Linux kernel has been resolved, specifically in the net/lapb code, where the LAPB HEADER LEN was increased. The issue was unclear if the code was supposed to be ready for 8021q, but it was possible to avoid crashes like the one described. The vulnerability caused a kernel bug at net/core/skbuff.c:206, resulting in an invalid opcode. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations To resolve the issue, update the Linux kernel to version 6.6.74 or later. As a temporary workaround, consider disabling the lapbeth data transmit() function until a patch is available. Restrict access to the vulnerable module net/lapb to minimize the risk of exploitation. Avoid using the skb push() function in the affected API endpoint until the issue is resolved.